Claim 22 is amended to correct a formality error. No new issues are 
introduced in this amendment. 

I. Rejection under 35 USC 112. 

Claim 22 is rejected under 35 USC 112 second paragraph as being 
indefinite for failing to particularly point out and distinctly claim the subject matter. 
Specifically, claim 22 is rejected as having insufficient antecedent basis for the term 
"said formed link". 

Claim 22 is amended to recite "forming a URL to provide a formed 
URL link" to remove the informality. Consequently this ground of rejection is no 
longer deemed to apply and its withdrawal is respectfully requested. 

II. Rejection under 35 U.S.C. 102(b) 

Claims 1-9, 11-15, 18, 20, 21, 23 and 24 are rejected under 35 U.S.C. 
102(b) as being anticipated by U.S. Patent 5,708,780 - Levergood et al. These claims 
are deemed to be patentable for the reasons given below. 

Claim 1 recites a system "employed by a first application for encoding 
URL link data for use in detecting unauthorized URL modification" comprising "an 
input processor for receiving an encryption key; a URL processor for adaptively 
processing a URL link to a second application differently to an intra-application link 
to a web page provided by said first application by using said received encryption key 
to encrypt a URL link address portion of said URL link to said second application to 
produce a processed URL and by non-encryption of said intra-application link; and a 
communication processor for including said processed URL in data representing a 
web page and for communicating said web page representative data including said 
processed URL to a requesting application". These features are not shown (or 
suggested) in Levergood. 

The system of claim 1 involves "adaptively processing a URL link to a 
second application differently to an intra-application link to a web page provided by 
said first application". This is done "by using said received encryption key to encrypt 
a URL link address portion of said URL link to said second application to produce a 
processed URL and by non-encryption of said intra-application link". These features 
address the security deficiencies of URL processing functions of electronic systems. 
"Applications are vulnerable to the corruption of URL data and the context 
information conveyed within the URL data. The URL data conveyed from application 
200 to application 230 includes context information comprising a session identifier 
and optionally a user or patient identifier. This URL data is potentially vulnerable to 
corruption to cause URL replay or redirection of an application to a substitute address 
or to gain access to application functions and parameters for unauthorized purposes. 
In order to protect against such corruption and to ensure that the entity being accessed 
is the one originally targeted, portions of the URL data conveyed between 
applications are advantageously encrypted" (Application page 11 lines 1-9). 



The claimed system addresses the security problem by adaptively 
generating URLs for accessing intra-application web pages differently to URLs 
accessing web pages accessed by a different application. See Application page 14 
lines 34-36 reciting "because the link to the test results page is an intra-application 
link there is no requirement for this particular embedded link to be processed in the 
manner previously described to incorporate the session identifier and other context 
information". 



Levergood does not show or suggest "adaptively processing a URL 
link to a second application differently to an intra-application link to a web page 
provided by said first application". Levergood also fails to show or suggest doing this 
"by using said received encryption key to encrypt a URL link address portion of said 
URL link to said second application to produce a processed URL and by non- 
encryption of said intra-application link". In an exemplary embodiment of the 
invention illustrated in the Application specification pages 11-12, application 200 
advantageously, for example, encrypts "a URL link address portion" comprising a 
hash value identified by field identifier GSH= derived by "hashing on the 
addressable portion of a fully qualified URL" comprising the "URL data either lying 
between the "http://" and the question mark or from the data lying between the 
"http://" and the pound/number sign - whichever comes first" (Application page 
10 lines 1-2 and page 11 line 27). Consequently, in the exemplary URL string shown 
processed in the specification page 12 

www,smedxom/altoona/p^^ 
&Pid=1772693&FrgclP=blue 
the compressed address portion is 24017 which is concatenated with a patient 
identifier (Application page 12 lines 17-21) as shown: 

GSH=24017&Pid=1772693 
and is encrypted into the string 

16sfdjwhejeyw7rh3hekw 

to produce the processed URL including the encrypted URL address portion: 

www.smcdxom/altoona/prd/jraul^ 
w7rh3hekw&Frgclr^blue. 

This is an exemplary processed URL. The Rejection makes a fundamental error 
on page 3 in interpreting the Levergood reference. Contrary to the Rejection 
statements on page 3, Levergood in column 5 lines 61-65 and column 3 lines 34-37 
relied on in the Rejection merely discloses encryption of a session identifier (SID) and 
an IP address. Specifically, Levergood states "the digital signature is a cryptographic 
hash of the remaining items in the SID and the authorized IP address which are 
encrypted with a secret key which is shared by the authentication and content 
servers" (Levergood column 5 lines 61-65, also see column 3 lines 33-37). 
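
The exemplary embodiment described above (hash the address portion, join it with the patient identifier, encrypt the result, and leave intra-application links untouched), together with the check a receiving application would make, as an added Go example that is not code from the Application or from Levergood. AES-GCM, the truncated SHA-256 hash, the host comparison used to recognise intra-application links, the `enc` field name and all hosts, field values and keys are assumptions constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// addressHash compresses the data after "://" and before the first '?' or '#' (truncated SHA-256 is assumed).
func addressHash(raw string) string {
	if i := strings.Index(raw, "://"); i >= 0 {
		raw = raw[i+3:]
	}
	if i := strings.IndexAny(raw, "?#"); i >= 0 {
		raw = raw[:i]
	}
	return fmt.Sprintf("%x", sha256.Sum256([]byte(raw)))[:16]
}

// NewAEAD wraps the key shared by the applications (16, 24 or 32 bytes) in AES-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProcessLink leaves intra-application links as they are; other links gain an encrypted "enc" field (hypothetical name).
func ProcessLink(aead cipher.AEAD, ownHost, link, pid string) (string, error) {
	u, err := url.Parse(link)
	if err != nil || u.Host == ownHost {
		return link, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain := url.Values{"GSH": {addressHash(link)}, "Pid": {pid}}.Encode()
	q := u.Query()
	q.Set("enc", base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(plain), nil)))
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// VerifyLink decrypts "enc" and rejects the URL if its address portion no longer matches the encrypted hash.
func VerifyLink(aead cipher.AEAD, received string) (string, error) {
	u, err := url.Parse(received)
	if err != nil {
		return "", err
	}
	sealed, err := base64.RawURLEncoding.DecodeString(u.Query().Get("enc"))
	n := aead.NonceSize()
	if err != nil || len(sealed) < n {
		return "", fmt.Errorf("missing or malformed enc field")
	}
	plain, err := aead.Open(nil, sealed[:n], sealed[n:], nil)
	fields, _ := url.ParseQuery(string(plain))
	if err != nil || fields.Get("GSH") != addressHash(received) {
		return "", fmt.Errorf("URL modified: enc field or address portion does not verify")
	}
	return fields.Get("Pid"), nil
}

func main() {
	aead, _ := NewAEAD([]byte("constructed-demo-key-32-bytes!!!")) // constructed demo key
	out, _ := ProcessLink(aead, "app1.example", "https://app2.example/results?Frgclr=blue", "1772693")
	fmt.Println(VerifyLink(aead, out))
}
```

The hash covers only the address portion, so non-encrypted fields such as `Frgclr` can change without failing verification, while a changed host or path is rejected.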



Further, although in Levergood a valid session identifier "typically 
comprises" an "accessible domain" in the "SID encrypted with a secret key", the 
Levergood accessible domain is NOT a URL or an address portion of a URL 
(Levergood column 3 lines 33-37). Levergood explicitly defines an accessible 
"domain" as a collection of files and NOT a URL or address portion of a URL ("A 
protection domain is defined by the service provider and is a collection of controlled 
files of common protection within one or more servers" - Levergood column 3 lines 
52-55). This is further made clear in column 5 lines 54-61 stating a "preferred SID is 
a sixteen character ASCII string that encodes 96 bits of SID data" that contains "an 8- 
bit domain comprising a set of information files to which the current SID authorizes 
access". Such an "accessible domain" as used by Levergood is not in a URL link 
address portion. This is further corroborated in Levergood in column 6 lines 29-34 
indicating that such a domain is in the non-address, URL data field portion of a URL 
(e.g. after the question mark), specifically, a "REDIRECT URL might be: 
"http://auth.com/authenticate?domain=[domain]&URL=http://content.com/report". 

Levergood does not show or suggest using a received "encryption key 
to encrypt a URL link address portion of said URL link to said second application to 
produce a processed URL". Neither a session identifier nor an IP address as used in 
Levergood are a "URL or a URL address portion". Indeed a URL and IP address are 
distinct and different objects with totally different functions ("the content server 
records the URL and the IP address" - Levergood column 5 lines 37-38). An IP 
address describes an electronic address of an Internet entity whereas a URL "consists 
of three parts: the transfer format, the host name of the machine that holds the file, 
and the path to the file" (Levergood column 2 lines 28-31). A session identifier 
identifies a user session of computer operation for example and is itself a distinct 
entity that may be conveyed within a field of a URL (Application page 11 line 19). 

Levergood also does not show or suggest the claim 1 feature 
combination involving "adaptively processing a URL link to a second application 
differently to an intra-application link to a web page provided by said first 
application". Further, the purpose of the Levergood encryption is to ensure validity of 
session identifiers (SIDs) by using an "Internet server" to subject "the client to an 
authorization routine prior to issuing the SID" (Levergood column 3 lines 24-26). In 
contrast, the Application addresses the problem of preventing "URL replay or 
redirection" through its recognition that URLs are "vulnerable to corruption" 
(Application page 11 lines 1-9). Consequently there is no reason, problem recognition 
or motivation for amending the Levergood system to include the claimed 
arrangement. Consequently, withdrawal of the rejection of claim 1 under 35 USC 
102(b) is respectfully requested. 

Dependent claim 2 is considered to be patentable based on its 
dependence on claim 1. Claim 2 is also considered to be patentable because 
Levergood does not show (or suggest) use of an "encryption key... accessible by said 
first and second applications from a managing application". Levergood discloses that 
an encryption key used for encrypting an IP address (NOT a URL address portion) is 
accessible by a content and authorization server (Levergood column 5 lines 61-65) but 
fails to show or suggest an encryption key for encrypting a "URL address portion" is 
accessible from a "managing application" by different "first and second applications". 

Dependent claim 3 is considered to be patentable based on its 
dependence on claim 1. Claim 3 is also considered to be patentable because 
Levergood does not show (or suggest) the "communication processor communicates 
said URL link address portion to a managing application for encryption". Levergood 
does not suggest such a separate managing application used for encryption of URL 
data and operating in conjunction with distinct "first" and "second" applications. 
Levergood in column 5 lines 44-49 relied on in the Rejection merely mentions 
redirecting a URL to an authentication server for authenticating a session identifier. 
This has no bearing on communicating a "URL link address portion to a managing 
application for encryption". 

Dependent claim 4 is considered to be patentable based on its 
dependence on claim 1. Claim 4 is also considered to be patentable because 
Levergood does not show (or suggest) the "URL processor of said first application 
adaptively processes said URL link to said second application differently to said link 
to said web page provided by said first application in response to an identified URL 
type". Levergood, contrary to the Rejection statement on page 4, does not show any 
form of adaptive URL processing in response to "URL type" or even mention or 
suggest "URL type" in column 3 line 56 to column 4 line 24 or elsewhere. 



Amended dependent claim 5 is considered to be patentable based on its 
dependence on claims 1 and 4. Claim 5 is also considered to be patentable because 
Levergood does not show (or suggest) "said URL link to said second application 
includes an encrypted address portion and said link to said web page provided by said 
first application includes a non-encrypted address portion". Levergood does not 
suggest such a feature combination for reasons given in connection with claim 1. 

Dependent claim 6 is considered to be patentable based on its 
dependence on claim 1. 



Dependent claim 7 is considered to be patentable based on its 
dependence on claim 1. Claim 7 is also considered to be patentable because 
Levergood does not show (or suggest) "said URL processor compresses said URL 
link address portion and encrypts a compressed URL link address portion". 
Levergood does not suggest such a feature combination for reasons given in 
connection with claim 1. The hash compression relied on in the Rejection of 
Levergood column 5 lines 61-65 is of "items in the SID and the authorized IP 
address" and NOT of a "URL link address portion" as previously explained in 
connection with claim 1 (Levergood column 5 lines 61-65, also see column 3 lines 
33-37). 

Dependent claim 8 is considered to be patentable based on its 
dependence on claims 1 and 7. Claim 8 is also considered to be patentable because 
Levergood does not show (or suggest) "said URL processor compresses said URL 
link address portion using a hash function". Levergood does not suggest such a 
feature combination for reasons given in connection with claims 1 and 7. 



Dependent claim 9 is considered to be patentable based on its 
dependence on claims 1 and 7. Claim 9 is also considered to be patentable because 
Levergood does not show (or suggest) "said communication processor communicates 
said URL link address portion to a managing application for compression". 
Levergood does not suggest such a feature combination for reasons given in 
connection with claim 1. Levergood in column 5 lines 44-49 relied on in the 
Rejection merely mentions redirecting a URL to an authentication server for 
authenticating a session identifier. This has no bearing on communicating a "URL 
link address portion to a managing application for encryption". 

Independent claim 11 recites a "system for encoding URL link data for 
use in detecting unauthorized URL modification occurring during concurrent 
operation of a plurality of applications" comprising "a managing application for 
providing a common encryption key to a plurality of concurrently operating 
applications; and a first application including, an input processor for receiving said 
encryption key; a URL processor for adaptively processing a URL link to a second 
application differently to an intra-application link to a web page provided by said first 
application by using said received encryption key to encrypt a URL link address 
portion of said URL link to said second application to produce a processed URL and 
by non-encryption of said intra-application link; and a communication processor for 
including said processed URL in data representing a web page and for communicating 
said web page representative data including said processed URL to a requesting 
application". 

Independent claim 11 is considered to be patentable for the reasons 
given in connection with claim 1. Claim 11 is also considered to be patentable 
because Levergood does not show (or suggest) a feature combination including a 
"managing application for providing a common encryption key to a plurality of 
concurrently operating applications". Levergood discloses an encryption key used for 
encrypting an IP address (NOT a URL address portion) is accessible by a content and 
authorization server (Levergood column 5 lines 61-65) but fails to show or suggest an 
encryption key for encrypting a "URL address portion" is accessible from a 
"managing application for providing a common encryption key to a plurality of 
concurrently operating applications". 



Dependent claim 12 is considered to be patentable based on its 
dependence on claim 11. Claim 12 is also considered to be patentable because 
Levergood does not show (or suggest) "said communication processor communicates 
said URL link address portion to a managing application for compression". 
Levergood does not suggest such a feature combination for reasons given in 
connection with claims 1 and 2. 



Dependent claim 13 is considered to be patentable based on its 
dependence on claim 11. Claim 13 is also considered to be patentable because 
Levergood does not show (or suggest) "said URL processor compresses said URL 
link address portion and encrypts a compressed URL link address portion". 
Levergood does not suggest such a feature combination for reasons given in 
connection with claims 1 and 7. 



Dependent claim 14 is considered to be patentable based on its 
dependence on claims 11 and 13. Claim 14 is also considered to be patentable 
because Levergood does not show (or suggest) "said URL processor compresses said 
URL link address portion using a hash function". Levergood does not suggest such a 
feature combination for reasons given in connection with claims 1 and 8. 



Dependent claim 15 is considered to be patentable based on its 
dependence on claims 11 and 13. Claim 15 is also considered to be patentable 
because Levergood does not show (or suggest) "said communication processor 
communicates said URL link address portion to said managing application for 
compression". Levergood does not suggest such a feature combination for reasons 
given in connection with claims 1 and 3. 



Independent claim 18 recites a "system for processing URL link data 
for detecting unauthorized URL modification and suitable for use by a plurality of 
concurrently operating applications" comprising "a first application including, a URL 
processor for adaptively generating a URL link to a second application differently to a 
URL link to a web page provided by said first application, to provide a generated 
URL by using a received encryption key to encrypt a URL link address portion of said 
URL link to said second application and by non-encryption of said URL link to said 
web page provided by said first application; and a communication processor for 
including said generated URL in data representing a web page and for communicating 
said web page representative data including said generated URL to a requesting 
application". Amended claim 18 is considered to be patentable for the reasons given 
in connection with claim 1. Further, contrary to the Rejection statement on page 6, 
Levergood in column 6 lines 17-26, does NOT show or suggest incorporation in "data 
representing a web page" of a URL generated by "using a received encryption key to 
encrypt a URL link address portion". Levergood in column 6 lines 17-26 merely 
discloses search of a web page for links NOT incorporation of generated URL links in 
"data representing a web page" and specifically NOT incorporation in "data 
representing a web page" of a URL generated by "using a received encryption key to 
encrypt a URL link address portion". 

Independent claim 20 recites "A system supporting concurrent 
operation of a plurality of Internet compatible applications" comprising "a browser 
application including, a display generator for providing a user interface display 
permitting user entry of identification information and commands for a plurality of 
Internet compatible applications and for providing user identification information to a 
first application; a URL generator for adaptively generating a URL including URL 
fields incorporating an encrypted URL address portion and a non-encrypted session 
identifier; and a processor for initiating communication of said generated URL to said 
first application in response to validation of said user identification information, said 
first application having access to a key for decrypting said encrypted URL address 
portion". Amended claim 20 is considered to be patentable for reasons given in 
connection with claim 1. 

Independent claims 21 and 23 are considered to be patentable for 
reasons given in connection with claim 1. 

Independent claim 24 is considered to be patentable for reasons given 
in connection with claims 1 and 11. 

III. Rejection under 35 U.S.C. 103(a) 

Claims 10, 16, 17, 19 and 22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over U.S. Patent 5,708,780 - Levergood et al in view of U.S. 
Patent 5,995,939 - Berman et al. These claims are deemed to be patentable for the 
reasons given below. 

Dependent claim 10 is considered to be patentable based on its 
dependence on claim 1. Claim 10 is also considered to be patentable because 
Levergood (with Berman) does not show (or suggest) "said URL processor adaptively 
generates URL fields including encrypted patient specific information for 
incorporation in said URL link to said second application". Levergood (with Berman) 
does not suggest such a feature combination for reasons given in connection with 
claim 1. Specifically, in the Berman system messages are conveyed in SMTP (not 
HTTP protocol) format in accordance with the HL7 standard ("At the present time, 
e-mail messages sent over the Internet must be in standard SMTP format" 
- Berman column 5 lines 61-62). Berman does not even mention a URL. Contrary to 
the Rejection statement on page 7, there is no suggestion in Berman (with Levergood) 
in column 6 lines 2-15 or elsewhere of the claim 10 feature combination involving 
"adaptively" generating "URL fields including encrypted patient specific 
information for incorporation in said URL link to said second application" together 
with an encrypted "URL link address portion". 

Further, combining the Levergood system with the Berman features as 
indicated by the Rejection results in a system for encrypting IP addresses and session 
identifiers for communication in email messages conveying patient specific 
information. Such a system does NOT show or suggest the claimed features. Further, 
the purpose of the Levergood encryption is to ensure validity of session identifiers 
(SIDs) by using an "Internet server" to subject "the client to an authorization routine 
prior to issuing the SID" (Levergood column 3 lines 24-26). The objective of Berman 
is to provide an e-mail based system for making and fulfilling service requests 
between remote sites (Berman column 2 lines 21-26). In contrast, the Application 
addresses the problem of preventing "URL replay or redirection" through its 
recognition that URLs are "vulnerable to corruption" (Application page 11 lines 1-9). 
Consequently there is no common reason, problem recognition or motivation for 
combining the Levergood and Berman systems to provide the claimed arrangement. 
Consequently, withdrawal of the rejection of claim 1 under 35 USC 103(a) is 
respectfully requested. 

Independent claim 16 recites a "system for encoding URL link data for 
use in detecting unauthorized URL modification" comprising "a browser application 
for providing a user interface display permitting user entry of identification 
information for providing user identification information to a first application; a first 
application responsive to said user identification information including, a URL 
processor for adaptively generating URL fields including an encrypted URL address 
portion and encrypted patient specific information for incorporation together with a 
non-encrypted portion in a processed URL; and a communication processor for 
including said processed URL in data representing a web page and for communicating 
said web page representative data including said processed URL to a requesting 
application". Amended claim 16 is considered to be patentable for the reasons given 
in connection with claims 1 and 10. 

Dependent claim 17 is considered to be patentable based on its 
dependence on claim 16. Claim 17 is also considered to be patentable because 
Levergood (with Berman) does not show (or suggest) "said communication processor 
communicates said URL address portion and said encrypted patient specific 
information to another application for encryption". Levergood (with Berman) does 
not contemplate or mention encrypting a "URL address portion" and "patient 
specific information" within a URL at all. 

Dependent claim 19 is considered to be patentable based on its 
dependence on claim 18. Claim 19 is also considered to be patentable because 
Levergood (with Berman) does not show (or suggest) generation of "a URL field 
including encrypted patient specific information for incorporation in said generated 
URL link to said second application". Levergood (with Berman) does not convey 
encrypted data in a URL at all as explained in connection with claim 10. 
Consequently, withdrawal of the rejection of claims 1-24 under 35 USC 102(e) is 
respectfully requested. 

Amended independent claim 22 is considered to be patentable for the 
reasons given in connection with claims 1, 10 and 16. 

In view of the above amendments and remarks, Applicants submit that 
the Application is in condition for allowance, and favorable reconsideration is 
requested. 

Respectfully submitted, 

Alexander J. Burke 
Reg. No. 40,425 
Date: May 25, 2005 

Siemens Corporation, 
Customer No. 28524 
Tel. 732 321 3023 
Fax 732 321 3030 